Last weekend at New York Comic-Con, a lot of attendees found themselves tweeting ecstatically about the convention — without having written those tweets, because NYCC had hijacked people's social media accounts that were linked to their badges. In this open letter, the Electronic Frontier Foundation explains why that's heinous.

You may have read about the galactic frack-up at New York Comic-Con last week, in which hundreds of convention-goers learned that NYCC was posting hideously uncreative, gratuitously gleeful promotional tweets from their personal Twitter accounts. As a convention organizer yourself, these tweets and the subsequently trollful complaints may have filled up your feed. Nightmares of similar PR disasters may have (should have) have kept your heart racing as you tried to sleep.

NYCC attendees contacted us to ask what can be done about it, and that's why I entreat you today to think thoroughly through future attempts to lever technology against the fandoms, particularly when it comes to linking convention badges to personal data, including location.

Within hours of the show opening its doors, members of the press, professionals and attendees discovered that their Twitter accounts were automatically sending out messages praising the show. Among those whose accounts tweeted without their knowledge were my own, IGN's Greg Miller, Ain't It Cool News' Harry Knowles, Attract Mode's Matt Hawkins and, according to Twitter, hundreds of others.

The pre-written tweets — more than 500 of them — were sent out on accounts shortly after the doors opened. They included the phrases "So much pop culture to digest! Can't. handle. the. awesome. #NYCC," "I can't get enough #NYCC!" and "So much to see, so much to do! #NYCC 2013 I love you!"

Unsurprisingly, fans at NYCC had enough of these promotional tweets as soon as the con started. Polar. Opposite. Of. Awesome. Apparently, when attendees activated their RFID-enabled badges, they unintentionally granted NYCC's organizers—ReedPOP—the ability to post tweets on their behalf. According to Kotaku (and others), NYCC has since apologized for being "too enthusiastic in our messaging and eagerness to spread the good word about NYCC," and shut down the program.

Today in News That's Sketchy As Hell, here's one of the worst social media gaffes…
Read more Read more

Being too enthusiastic is only one issue. Regardless of the messaging, ghost tweets are at best tacky, at worst creepy, and always unnecessary. If there's one thing you can count on from geek conventioneers: they will tweet like Judge Dredd drops bodies—without any help. Even more problematic is that if even journalists such as Jill Scharr, for whom words are their livelihood, were unaware they were granting that kind of authority over their online personas, then NYCC did not do an adequate job of making its intentions clear. As a result, NYCC has tainted the safe spaces that these gatherings are to many a geek.

There's another element worth addressing as well when it comes to safe spaces. Newsarama explained in detail how NYCC is using RFID chipped badge to ensure only paying attendees get in the door. The badges are designed to uniquely identify attendees and, according to NYCC:

That data collected through RFID technology includes, for instance, how many Fans enter NYCC, the date and time of their visit, the number of times they enter and exit and which entrances or exits they use. This information may be used for internal purposes to help make NYCC a better experience for everyone.

Social-media activation of the badge was optional; in exchange, an attendee received a bunch of free electronic comics and, in the words of NYCC, unlocked "a whole new level of awesomeness." But it also meant that a lot more personal information beyond your name were identified with the badge. While this year it was just about identification, a ReedPOP executive told Newsarama that much bigger plans are on the horizon:

"This year is about successful implementation of NYCC ID. Once that is done, the options are pretty limitless of how we might use the technology to improve the experience for our fans."

"Limitless" is not a word we like to see associated with locational tracking. There should absolutely be limits. Newsarama's piece discusses the possibility of 1-to-1 person tracking, a technology that could theoretically allow a controller to follow say, Stan Lee, as he makes his rounds along a convention floor. That, indeed, would be an astonishing development for the pop-culture-razzi, but only if Stan the Man agreed to it himself. And by "agree," we mean a fully-informed permission, not the fuzzy consent that happened this year with Twitter access.

What we don't want to see is massive tracking using RFID chips (or any other easily trackable or hackable technology) in badges, whether that's real-time tracking or requiring check-ins at every panel entrance. Obviously, these are very public events and an attendee can't expect a lot of privacy—they're likely to pop up in the background of hundreds of photographs posted to social media. At the same time, there is a certain anonymity in crowds, and it's an anonymity built into the culture of cons.

How many fans would steer clear of controversial graphic novels or manga tables (or even cheesy guilty childhood pleasures) if they knew someone was creating a log of every booth where they lingered? Think about the young LGBT artists who have yet to come out to their parents, but are finding the courage through sitting in the back of a queer comics panel. Would they still enter if they had to scan their personally identifiable badges at the door? Once you open the gate to this technology for third-party marketing, businesses outside the convention hall will be able to track your attendees. Won't that chill the tradition of proudly wearing a badge every moment, from the pre-preview night happy hour to the last after party?

And what about the cosplayers? What about protecting their secret identities?

New York Comic-Con is over, but the amazing cosplay that we saw there will be burned in our brains…
Read more Read more

Any good convention can be measured by the superheroes and supervillains, robots and road warriors, zombies and zoo animals, roaming the floor in elaborate costumes. While they're in uniform, these cosplayers shift identities and become Deadpool, Princess Breakfast, or a steampunk Dalek. And they should be able to retain those identities. They should not have to involuntarily wear a chip broadcasting personal information and they should not be tracked, which in itself creates identifiable data. At EFF, we've argued that, with locational data, whether it's license plate readers or GPS tracking, all you need is a few data points about a person's whereabouts to determine very personal things about them.

Similarly, if you have someone's name and a few places they were in a given period of time, you can easily determine that the magnificent Twilight Sparkle from My Little Pony Friendship is Magic is actually Alfred Merkowitz from Beatrice, Nebraska.

Some of this may be unavoidable as conventions, like all things, adapt and experiment with new technologies. However, as an organizer, you do need to self-impose limits. Here a few privacy principles you might consider:

If you must log data on users to protect access to the venue, limit it to the entrance and exits, not to individual rooms or the exhibition hall.

Allow users to register public-facing alter egos, whether that's the name on the front of a badge, or on the RFID chip or barcode that will be scanned by organizers and vendors.

Do not use tracking technology, such as cell-phone pinging, RFID tracking, or facial recognition. Further, in your vendor/attendee agreements, prohibit third-party use of these mass data collection technologies in the convention center.

No personal data should be stored longer than is necessary to provide the optimal attendee experience, with the exception of the basic details needed for registration renewal. If you collect location information for traffic-flow analysis, this data should be fully disassociated from identities of the badge holders.

Be crystal clear in your privacy agreements and terms what you will and won't collect and how people can opt out. If a journalist misses it, you've buried it too deeply in the fine print.

Avoid using technologies that can be accessed or exploited by third-parties with no affiliation with the convention.

As you move forward, you should ground yourself in the ideal presented by Alternative Press Expo, the indie-centric little brother to San Diego Comic-Con that also ran last weekend. No chips. No fake tweets. The badges were plain old card stock hanging at the end of metal beaded chain.

You can still have a convention at the cutting edge of culture, without bleeding your attendees' privacy away.